Remove domain role from glance service user
This patch removes the openstack_user resource with :grant_domain action. A user is always created within a specific domain; such a membership cannot be tacked on later. This resource gave the user the role intended for their project for the domain (i.e., for the Default domain instead of for the service project). We add the domain_name attribute that creates the glance user in the desired domain. Note that this change needs a sufficiently recent openstackclient cookbook -- otherwise the domain_name attribute is ignored (which does not matter as long as the glance user is to be created in the Default domain). Change-Id: I07086d9ab65581cdcd77d402fe0d513b03a0af69
This commit is contained in:
parent
82056093ac
commit
6ab8aa8ca7
|
@ -83,6 +83,7 @@ end
|
|||
# Register Service User
|
||||
openstack_user service_user do
|
||||
project_name service_project
|
||||
domain_name service_domain_name
|
||||
password service_pass
|
||||
connection_params connection_params
|
||||
end
|
||||
|
@ -94,12 +95,3 @@ openstack_user service_user do
|
|||
connection_params connection_params
|
||||
action :grant_role
|
||||
end
|
||||
|
||||
# Grant default domain to user with role of Service Tenant ##
|
||||
openstack_user service_user do
|
||||
domain_name service_domain_name
|
||||
role_name service_role
|
||||
user_name service_user
|
||||
connection_params connection_params
|
||||
action :grant_domain
|
||||
end
|
||||
|
|
|
@ -64,22 +64,13 @@ describe 'openstack-image::identity_registration' do
|
|||
expect(chef_run).to create_openstack_user(
|
||||
service_user
|
||||
).with(
|
||||
domain_name: domain_name,
|
||||
project_name: project_name,
|
||||
password: password,
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to grant_domain_openstack_user(
|
||||
service_user
|
||||
).with(
|
||||
domain_name: domain_name,
|
||||
role_name: role_name,
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to grant_role_openstack_user(
|
||||
service_user
|
||||
|
|
Loading…
Reference in New Issue